package cn.suimg.shortlink.config;

import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;


/**
 * Spring Security 配置
 */
@EnableWebSecurity
@EnableOAuth2Sso
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {



    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http

                .authorizeRequests()
                .antMatchers("/**").permitAll()
                .and()
                //退出页面地址,如需修改为自己的SSO请修改次地址
                .logout()
                .logoutUrl("/logout/index.do")
                .logoutSuccessUrl("https://sso.suimg.cn/logout/index.do")
                .deleteCookies("JSESSIONID")
                .and()
                //防止CSRF攻击
                .csrf().disable()
                .headers()
                //禁止iframe页面嵌套
                .frameOptions().disable()

        ;
    }

    @Bean
    public OAuth2RestTemplate oAuth2RestTemplate(OAuth2ClientContext oAuth2ClientContext, OAuth2ProtectedResourceDetails details){
        return new OAuth2RestTemplate(details,oAuth2ClientContext);
    }


}
